ELA-311-1 tcpdump security update

untrusted input issue

2020-11-09
Packagetcpdump
Version4.9.3-1~deb8u2
Related CVEs CVE-2020-8037

The ppp de-capsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

The buffer should be big enough to hold the captured data, but it doesn’t need to be big enough to hold the entire on-the-network packet, if we haven’t captured all of it.

For Debian 8 jessie, these problems have been fixed in version 4.9.3-1~deb8u2.

We recommend that you upgrade your tcpdump packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/